1 Answer
1

This question is too broad, as the answer is going to depend upon the particular vulnerability/attack. Pretty much any description of a vulnerability or attack will describe its potential impact (= technical impact, in the OWASP terminology). So, if there's a particular vulnerability you want to know about, you should be able to go read any primer on that vulnerability and find out more about the (technical) impact of the vulnerability.

For instance, buffer overflow vulnerabilities allow code injection, so allow the attacker to inject malicious code into the vulnerable program and execute it with all of the program's privileges. SQL injection vulnerabilities allow the attacker to execute arbitrary SQL queries (and thus read or write to the database) and possibly -- depending upon how the database is configured -- execute malicious code with all of the database program's privileges. And so on.

What would be a good framework to describe Technical Impact? Would the effect of a hack on CIA be a good starting point?
– Epoch Win, Mar 5 '12 at 20:19

2

CIA is fine, but look, you don't need a framework. You can just describe the impact. I think it's easy to get overly hung up on frameworks and taxonomies and stuff like that.
– D.W., Mar 5 '12 at 20:35

Definitely would not want to get too deep into a taxonomy, but I guess what I'm getting at is a means by which I describe threats to different stakeholders. CIA might work with security and risk professionals, but to a developer you want to emphasize the severity in a different way, so that's why I asked for different resources which give different perspectives on the same threat / vulnerability.
– Epoch Win, Mar 6 '12 at 16:02